Commit f87deada authored Feb 14, 2018 by Gavin Schenk Committed by Greg Kroah-Hartman Mar 15, 2018

siox: fix possible buffer overflow in device_add_store



Width 20 given in format string is larger than destination
buffer 'type[20]', use %19s to prevent overflowing it.

Fixes: bbecb07f ("siox: new driver framework for eckelmann SIOX")
Cc: stable <stable@vger.kernel.org>
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Gavin Schenk <g.schenk@eckelmann.de>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 3ba9faed

drivers/siox/siox-core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -594,7 +594,7 @@ static ssize_t device_add_store(struct device *dev,
		size_t inbytes = 0, outbytes = 0;
		u8 statustype = 0;

		ret = sscanf(buf, "%20s %zu %zu %hhu", type, &inbytes,
		ret = sscanf(buf, "%19s %zu %zu %hhu", type, &inbytes,
		&outbytes, &statustype);
		if (ret != 3 && ret != 4)
		return -EINVAL;